When using Onguard there is the following dependency:
1. First WLAN dot.1x-Auth - Posture state is UNKOWN, because no status has yet been transmitted by the agent
2. Web-Auth by the agent - posture status is transmitted, a port bounce must occur at this point so that the posture status can be evaluated.
3. Second WLAN dot.1x-Auth - At this point, the dot.1x service must evaluate the posture code. However, it does not see it because the dot1x-wlan service and the web-auth service do not communicate with each other.
The trick is to activate "Use Cached Results" in the Enforcement tab.
Then the dot.1x-Auth service can read the posture code from the endpoint cache. Then everything works as desired.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACX - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jun 28, 2024 05:02 AM
From: Razovnyik
Subject: Clearpass Onguard problem